diff --git a/Active Directory/Solvinity_Account-expiration-send_mail.ps1 b/Active Directory/Solvinity_Account-expiration-send_mail.ps1
new file mode 100644
index 0000000..ca8fe15
--- /dev/null
+++ b/Active Directory/Solvinity_Account-expiration-send_mail.ps1
@@ -0,0 +1,105 @@
+<#
+.SYNOPSIS
+ This script is used in order to send an message to users of an organisation that their password will expire in the near feature.
+
+.DESCRIPTION
+ within this script you can specify when you want the first warning to be send and start from how many days there will be a daily email.
+ If you set the $STR_FirstReminder and $STR_DailyReminders equal to eachother, the users will receive a daily email reminder only.
+
+ Also change the function SendMailv2 in a way that it can be used in your specific case.
+
+.NOTES
+ Author: D.de Kooker - info@dcomputers.nl
+ Version: 1.1
+
+ DISCLAIMER: Use scripts at your own risk, if there is anything I can help you with I will try but I do not take responsibility for the way that anyone else uses my scripts.
+ Sharing is caring. Share your knowledge with the world so that everybody can learn from it.
+
+.LINK
+ The latest version can Always be found on my GIT page on the link below:
+
+
+.COMPONENT
+ In order to run this script you will need the ActiveDirectory Powershell Module and in order to send email you will need a working SMTP server. 
+#>
+
+#region Global script settings and variables
+ $STR_SMTPServer = ""
+ $STR_SMTPServerPort = ""
+ $STR_SMTPUsername = ""
+ $STR_SMTPPassword = ""
+ $STR_SMTPFromaddress = "Servicedesk ICT "
+ $STR_AdminEmail = "servicedesk@contoso.com,systemengineer1@contoso.com" #List of commaseperated emailaddresses of the admins
+ $STR_DateFormat = "dd-MM-yyyy"
+ $STR_Date = Get-Date -Format $STR_DateFormat
+ $STR_Domain = "" #This is placed in the email title
+ $STR_OUSearchBase = "OU=Users,DC=CONTOSO,DC=COM" #Coma seperated list of OU searchbases
+ $STR_LogfileLocation = "$($MyInvocation.MyCommand.Path | Split-Path -Parent)\Logs"
+ $STR_Logfile = "$STR_LogfileLocation\$STR_Date.log"
+ $STR_LogfileNOemail = "$STR_LogfileLocation\$STR_Date-noemail.log"
+
+ $STR_FirstReminder = "14" #After this amount of days the first mail message will be sent to the user reminding them to change thier password.
+ $STR_DailyReminders = "7" #After this amount of days users will receive a daily message about thier password
+
+#endregion
+
+#region Functions
+ function SendMailv2 ($To,$Subject,$Body){
+ $SMTPClient = New-Object Net.Mail.SmtpClient($STR_SMTPServer, $STR_SMTPServerPort)
+ # $SMTPClient.EnableSsl = $true
+ $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($STR_SMTPUsername, $STR_SMTPPassword);
+ $SMTPMessage = New-Object System.Net.Mail.MailMessage($STR_SMTPFromaddress,$To,$Subject,$Body)
+ $SMTPMessage.IsBodyHTML = $true
+ $SMTPClient.Send($SMTPMessage)
+ }
+#endregion
+
+#region prerequisites
+ #Check if folders exists or create them
+ if (!(test-path $STR_LogfileLocation)) {mkdir $STR_LogfileLocation}
+#endregion
+
+#region script
+ #Collect all users and the attributes we need
+ foreach ($SearchBase in $STR_OUSearchBase) {
+ $QRY_ADUsers = Get-ADUser -SearchBase $SearchBase -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $false } -Properties 'msDS-UserPasswordExpiryTimeComputed', 'mail'
+
+ #Start foreach statement of above query
+ foreach ($User in 
$QRY_ADUsers) {
+ $STR_ExpireDate = [datetime]::FromFileTime( $User.'msDS-UserPasswordExpiryTimeComputed' )
+ $STR_ExpireDate_String = $STR_ExpireDate.ToString($STR_DateFormat)
+
+ #Calculate the days remaining
+ $VAR_DaysRemaining = New-TimeSpan -Start $(Get-Date) -End $STR_ExpireDate
+ $VAR_DaysRemaining = $VAR_DaysRemaining.Days
+
+ #Collect user information into variables
+ $VAR_User_Name = $User.GivenName
+ $VAR_User_Email = $User.mail
+ $VAR_User_Account = $User.SamAccountName
+
+ #Write logging for users without email variable
+ if ($null -eq $VAR_User_Email){
+ "Wachtwoord van $VAR_User_Name ($VAR_User_Account), Verloopt over: $VAR_DaysRemaining dagen, op: $STR_ExpireDate_String, Geen email adress gevonden!
" >> $STR_LogfileNOemail
+ }
+
+ #Send email message if password is expiring
+ if ($VAR_DaysRemaining -eq $STR_FirstReminder -or $VAR_DaysRemaining -le $STR_DailyReminders -and $null -ne $VAR_User_Email -and $VAR_DaysRemaining -ge 0) {
+ $VAR_Subject = "Uw $STR_Domain wachtwoord verloopt over $VAR_DaysRemaining dagen"
+ $INP_Body = Get-Content "$($MyInvocation.MyCommand.Path | Split-Path -Parent)\Template-KSANL.htm" -Raw
+ Invoke-Expression "`$VAR_Body = `@""`n`r$INP_Body`n`r""`@"
+
+ SendMailv2 -To $VAR_User_Email -Subject $VAR_Subject -Body $VAR_Body
+ }
+ "Email verstuurd naar:$VAR_User_Email, het wachtwoord verloopt over: $VAR_DaysRemaining dagen, op: $STR_ExpireDate_String" >> $STR_Logfile
+ }
+ }
+ #Send mail message to administartors with accounts without email
+ if (Test-Path $STR_LogfileNOemail -PathType Leaf) {
+ $VAR_Subject = "ERROR: Accounts op $STR_Domain gevonden waarbij het wachtwoord verloopt zonder email!"
+ $VAR_Body = Get-Content $STR_LogfileNOemail
+
+ SendMailv2 -To $STR_AdminEmail -Subject $VAR_Subject -Body $VAR_Body
+ }
+
+#endregion
\ No newline at end of file
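Review bot: The `Invoke-Expression` call in the expiry-mail branch of the inner `foreach` evaluates the full content of Template-KSANL.htm as PowerShell, so write access to that file (or a template line that closes the here-string) becomes code execution under the account that runs this job and holds the SMTP password. Substituting named placeholders avoids evaluating the template at all, e.g. `$VAR_Body = $INP_Body.Replace('{Name}', [System.Net.WebUtility]::HtmlEncode($VAR_User_Name)).Replace('{Days}', "$VAR_DaysRemaining")`; the placeholder names are illustrative because the template is not part of this diff. The same line HTML-encodes the AD-sourced given name, which currently reaches an `IsBodyHTML` message unescaped. Separately, `SendMailv2` sets `Credentials` while `$SMTPClient.EnableSsl = $true` is commented out, so the SMTP login is likely sent without transport encryption. I would enable that line and read the password from a protected store instead of the `$STR_SMTPPassword` literal.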